summaryrefslogtreecommitdiffstats
path: root/usr.bin/ssh/ssh-keygen.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* translate and return error codes; retry on bad PINdjm2019-12-301-9/+19
| | | | | | | | | | Define some well-known error codes in the SK API and pass them back via ssh-sk-helper. Use the new "wrong PIN" error code to retry PIN prompting during ssh-keygen of resident keys. feedback and ok markus@
* SK API and sk-helper error/PIN passingdjm2019-12-301-2/+2
| | | | | | | | | | | Allow passing a PIN via the SK API (API major crank) and let the ssh-sk-helper API follow. Also enhance the ssh-sk-helper API to support passing back an error code instead of a complete reply. Will be used to signal "wrong PIN", etc. feedback and ok markus@
* basic support for generating FIDO2 resident keysdjm2019-12-301-1/+3
| | | | | | | "ssh-keygen -t ecdsa-sk|ed25519-sk -x resident" will generate a device-resident key. feedback and ok markus@
* remove single-letter flags for moduli optionsdjm2019-12-301-101/+150
| | | | | | | | | | | Move all moduli generation options to live under the -O flag. Frees up seven single-letter flags. NB. this change break existing ssh-keygen commandline syntax for moduli- related operations. Very few people use these fortunately. feedback and ok markus@
* prepare for use of ssh-keygen -O flag beyond certsdjm2019-12-301-3/+8
| | | | | | | | | | Move list of available certificate options in ssh-keygen.1 to the CERTIFICATES section. Collect options specified by -O but delay parsing/validation of certificate options until we're sure that we're acting as a CA. ok markus@
* when acting as a CA and using a security key as the CA key, remind thedjm2019-12-101-4/+16
| | | | user to touch they key to authorise the signature.
* Print a key touch reminder when generating a security key. Most keysdjm2019-11-251-1/+6
| | | | require a touch to authorize the operation.
* allow "ssh-keygen -x no-touch-required" when generating a security keydjm2019-11-251-8/+14
| | | | | | | keypair to request one that does not require a touch for each authentication attempt. The default remains to require touch. feedback deraadt; ok markus@
* add a "no-touch-required" option for authorized_keys and a similardjm2019-11-251-8/+17
| | | | | | | | extension for certificates. This option disables the default requirement that security key signatures attest that the user touched their key to authorize them. feedback deraadt, ok markus
* Add new structure for signature optionsdjm2019-11-251-3/+10
| | | | | | | | | This is populated during signature verification with additional fields that are present in and covered by the signature. At the moment, it is only used to record security key-specific options, especially the flags field. with and ok markus@
* more missing mentions of ed25519-sk; ok djm@naddy2019-11-181-2/+2
|
* additional missing stdarg.h includes when built without WITH_OPENSSL; ok djm@naddy2019-11-181-1/+2
|
* Fix incorrect error message when key certification failsdjm2019-11-181-2/+2
|
* allow *-sk key types to be turned into certificatesdjm2019-11-181-4/+2
|
* missing break in getopt switch; spotted by Sebastian Kinnedjm2019-11-181-1/+2
|
* directly support U2F/FIDO2 security keys in OpenSSH by linkingdjm2019-11-141-1/+4
| | | | | | against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging.
* security keys typically need to be tapped/touched in order to performdjm2019-11-121-3/+11
| | | | | | | a signature operation. Notify the user when this is expected via the TTY (if available) or $SSH_ASKPASS if we can. ok markus@
* enable ed25519 support; ok djmmarkus2019-11-121-5/+15
|
* duplicate 'x' character in getopt(3) optstringdjm2019-11-081-2/+2
|
* Fill in missing man page bits for U2F security key support:naddy2019-11-071-2/+3
| | | | | | | | | | | Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@
* fix -Wshadow warningdjm2019-10-311-2/+2
|
* Refactor signing - use sshkey_sign for everything, including the newdjm2019-10-311-7/+11
| | | | | | | | | | | U2F signatures. Don't use sshsk_ecdsa_sign() directly, instead make it reachable via sshkey_sign() like all other signature operations. This means that we need to add a provider argument to sshkey_sign(), so most of this change is mechanically adding that. Suggested by / ok markus@
* ssh-keygen support for generating U2F/FIDO keysdjm2019-10-311-6/+35
|
* free buf before return; reported by krishnaiah bommudjm2019-10-161-1/+2
|
* use a more common options order in SYNOPSIS and sync usage();jmc2019-10-031-17/+17
| | | | | | while here, no need for Bk/Ek; ok dtucker
* thinko in previous; spotted by Mantas Mikulėnasdjm2019-10-021-2/+2
|
* ban empty namespace strings for sshsig; spotted by Mantas Mikulėnasdjm2019-10-021-2/+2
|
* group and sort single letter options; ok deraadtjmc2019-09-291-4/+4
|
* identity_file[] should be PATH_MAX, not the arbitrary number 1024deraadt2019-09-241-2/+2
|
* Allow testing signature syntax and validity without verifying thatdjm2019-09-161-7/+23
| | | | | | | | a signature came from a trusted signer. To discourage accidental or unintentional use, this is invoked by the deliberately ugly option name "check-novalidate" from Sebastian Kinne
* key conversion should fail for !openssl builds, not fall through todjm2019-09-061-2/+5
| | | | the key generation code
* fixes for !WITH_OPENSSL compilation; ok dtucker@djm2019-09-061-1/+5
|
* lots of things were relying on libcrypto headers to transitivelydjm2019-09-061-1/+2
| | | | | include various system headers (mostly stdlib.h); include them explicitly
* repair typo and editing mishapnaddy2019-09-031-2/+2
|
* sshsig tweaks and improvements from and suggested by Markusdjm2019-09-031-5/+5
| | | | ok markus/me
* sshsig: lightweight signature and verification ability for OpenSSHdjm2019-09-031-4/+321
| | | | | | | | | | | | | This adds a simple manual signature scheme to OpenSSH. Signatures can be made and verified using ssh-keygen -Y sign|verify Signatures embed the key used to make them. At verification time, this is matched via principal name against an authorized_keys-like list of allowed signers. Mostly by Sebastian Kinne w/ some tweaks by me ok markus@
* factor out confirm_overwrite(); ok markus@djm2019-09-031-11/+27
|
* constify an argumentdjm2019-09-021-2/+2
|
* print comment when printing pubkey from privatedjm2019-09-011-7/+13
| | | | bz#3052; ok dtucker
* Allow the maximimum uint32 value for the argument passed to -b whichdtucker2019-08-081-4/+5
| | | | allows better error messages from later validation. bz#3050, ok djm@
* Many key types are supported now, so take care to check the sizenaddy2019-08-051-13/+15
| | | | | | restrictions and apply the default size only to the matching key type. tweak and ok dtucker@
* Accept the verbose flag when searching for host keys in known hostsdjm2019-07-191-2/+10
| | | | | (i.e. "ssh-keygen -vF host") to print the matching host's random- art signature too. bz#3003 "amusing, pretty" deraadt@
* remove mostly vestigal uuencode.[ch]; moving the only uniquedjm2019-07-161-28/+25
| | | | | functionality there (wrapping of base64-encoded data) to sshbuf functions; feedback and ok markus@
* support PKCS8 as an optional format for storage of private keys,djm2019-07-151-11/+14
| | | | | | | | | | | | enabled via "ssh-keygen -m PKCS8" on operations that save private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less terrible KDF (IIRC PEM uses a single round of MD5 as a KDF). adapted from patch by Jakub Jelen via bz3013; ok markus
* revert header removal that snuck into previousdjm2019-07-051-1/+2
|
* add a local implementation of BSD realpath() for sftp-server usedjm2019-07-051-2/+1
| | | | | | ahead of OpenBSD's realpath changing to match POSIX; ok deraadt@ (thanks for snaps testing)
* When system calls indicate an error they return -1, not some arbitraryderaadt2019-06-281-12/+12
| | | | | | value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
* Add protection for private keys at rest in RAM against speculationdjm2019-06-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed. This change encrypts private keys when they are not in use with a symmetic key that is derived from a relatively large "prekey" consisting of random data (currently 16KB). Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely. Implementation-wise, keys are encrypted "shielded" when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised. Hopefully we can remove this in a few years time when computer architecture has become less unsafe. been in snaps for a bit already; thanks deraadt@ ok dtucker@ deraadt@
* Replace calls to ssh_malloc_init() by a static init of malloc_options.otto2019-06-061-2/+1
| | | | Prepares for changes in the way malloc is initialized. ok guenther@ dtucker@
* Make the standard output messages of both methods of changing a keylum2019-05-291-5/+16
| | | | | pair's comments (using -c and -C) more applicable to both methods. ok and suggestions djm@ dtucker@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.